What is the Farm and Food Cybersecurity Act?
On January 22, 2024, Rep. Brad Finstad (R) of Minnesota introduced the Farm and Food Cybersecurity Act of 2024. It is a bill designed to strengthen cybersecurity by addressing threats to and vulnerabilities within our food supply chain.
What It Says
The bill outlines new responsibilities of the Secretary of Agriculture and the Cybersecurity and Infrastructure Security Agency (CISA) to research those cyber threats and vulnerabilities in the industry and provide recommendations to agribusinesses that will enhance their security and resilience.
“Cybersecurity attacks have become a huge threat to our food supply chain,” shared Patrick Day, director of client strategy for ZAG. “With agribusinesses actively targeted, it is good to see the government take steps to help these companies protect themselves.”
Additionally, the legislation mandates that the Secretary of Agriculture conduct an annual cross-sector simulation exercise of a food-related emergency or disruption, spanning a five-year duration and report their findings to key Homeland Security and Agriculture Committees.
The crisis simulation is to be conducted in coordination with the Secretaries of Homeland Security and Health and Human Services, the Director of National Intelligence, and the heads of other relevant Federal agencies. The crisis simulations and reporting has six objectives, three of which we foresee being very impactful.
- The simulations will assess the preparedness and response capabilities of Federal, State, Tribal, local, and territorial governments and private sector entities in the event of a food-related emergency or disruption. Assessments, or audits, play a crucial role in maintaining the health, security, and compliance of technology systems, ultimately contributing to the overall success and resilience of businesses in today’s digital landscape.
- The assessment will identify and address gaps and vulnerabilities in the food supply chain and critical infrastructure. By uncovering security risks, businesses can strengthen their cybersecurity measures, protecting sensitive data and systems from potential threats.
- The bill will also develop and disseminate best practices and recommendations for improving food security and resilience, enhancing consistency, clarity, compliance, risk management, efficiency, benchmarking, continuous improvement, and communication. (Regarding standards, we point the Government to ProduceSupply.Org’s NIST-based Ag cyber standards.)
What It Means
The intent behind the Farm and Food Cybersecurity Act is to help secure our food supply chain and enhance its resilience through monitoring, reporting, and supplying recommendations and resources for those in or servicing the industry. Senator Gillibrand shared, “Protecting our nation’s farms and food security against cyberattacks is a vital component of our national security.”
ZAG’s CEO Greg Gatzke added, “Food security is national security. Ensuring food security is paramount for safeguarding the nation’s stability and resilience.”
The bill places no requirements on growers, shippers, or any other faction of the industry at this time. It is meant as a resource for American companies, providing information on threats, recommendations, and solutions for overcoming those threats.
While it will not eliminate cyber threats, it is a step in the right direction, and we will keep a close eye on its movement through the legislative process.
“We are hopeful this Act provides resources that help agribusinesses protect themselves nationwide. The greatest value in cybersecurity is in proactive prevention and adhering to Ag cyber standards,” Day ended. “Don’t wait.”
Where It Stands
Having just been submitted, the bill is waiting to be addressed. There is no scheduled date for the bill to be heard or voted on, yet. ZAG will continue monitoring the bill for updates and progress. Stay tuned for more updates as they become available.